[Mimedefang] What about DKIM

David F. Skoll dfs at roaringpenguin.com
Wed May 22 10:02:43 EDT 2013

On Wed, 22 May 2013 15:35:28 +0200
Renaud Pascal <renaud.pascal at atos.net> wrote:

> well, after all wasn't SPF an idea from Microsoft, a gang of squares
> thinking they're geeks...

SPF was created by Meng Wong of pobox.com, not by Microsoft.  Microsoft
had it's own invention called "Caller ID for Email" that was later
merged into "Sender ID" which is a (IMO) defective bastardization
of SPF and Caller ID for Email.

DKIM emerged from Yahoo!'s DomainKeys specification and addresses the
problem from a completely different viewpoint; instead of specifying
machines allowed to relay for a domain, DKIM provides
cryptographically-secure evidence that a message passed through a
"responsible" relay.  Unlike SPF, DKIM can validate the From:
header field.

DMARC adds feedback to DKIM/SPF so that domain owners can see if their
domain is being abused (for example, in phishing attacks.)

Every single one of these protocols has defects that make them completely
useless for combatting spam and mostly useless for combatting phishing.
Welcome to Internet email.



More information about the MIMEDefang mailing list